Setting Up Your Own VPN

A VPN is a virtual private network. It is virtual because one creates a virtual tunnel between your computer and a server to exchange data. It is private because it is supposed to require a username and a password to be accessed and it is a network because it links more devices to one or more servers all over different locations. A VPN helps you surf the web anonymously for two reasons:

the websites you visit, see the VPN serverâs ip, not yours.

VPN basically encrypts all the traffic before ISP (internet service provider) can intercept it.

There are free versions and paid ones. But still the VPN provider can read your traffic. So you have to trust someone one way or another. What if you could set up your own VPN instead ? It would be totally free and totally (really ?) secureâ¦

A WORLD OF POSSIBILITIES

When you set your mind on the idea of creating your own virtual private network, a world of different possibilities comes to you. Reading on, youâll encounter some technicalities but the detailed explanation of softwareâs installation is left to other articles you can find on the web. This article wants, in particular, to help you discerning what is the best choice for you. The following list is used as a guideline:

VPN on a cloud

streisand

algo

VPN on a NAS

VPN on a router

supported routers

flashing DD-WRT

flashing OpenWrt

flashing TomatoUSB

VPN on a personal computer

VPN on a Raspberry Pi

VPN ON A CLOUD

Hosting a VPN on a cloud is becoming a very common practice. Installing softwares like Algo and Streisand on your laptop, give you the possibility of creating servers on cloud services like Amazon EC2, Azure, Digital Ocean, Google, Linode and Rackspace Cloud. The basic process is creating an account on one of the above cited cloud providers (there are free and paid versions), installing the particular software you need (it requires a little configuration but nothing very hard) and youâre done. In the following lines, Iâll explain in details the process of installing Streisand and Algo.

STREISAND

Streisand is a software that allows you to create an Ubuntu 16.04 server on a variety of cloud providers like Amazon, Google and many more. More than this, Streisand installs on your server a lot of anti-censorship tools like Stunnel, Tor, sslh, OpenVPN, OpenSSH, Monit, L2TP/IPsec, Shadowsocks, UFW. Installing Streisand is easy and requires only few commands in your terminal:

Next you can follow the terminal-wizard choosing the provider, the location of the server, the name of the server and so on. At the end of the procedure, an HTML file will be generated, with the instructions to connect to the server through SSL or Tor. Now youâre done with the installation and you can enjoy the navigation through your brand new VPN.

Algo VPN is a set of Ansible scripts that simplify the setup of a personal IPSEC VPN. It uses the most secure defaults available, works with common cloud providers, and does not require client software on most devices.

To install algo on your personal computer, write the following commands in your terminal:

Open config.cfg in a text editor and choose the list of users in the users list.

In the Algo directory run

1

./algo

As you can see, Algo does not support a Tor bridge which is the reason why I prefer Streisand for the moment.

Now you can follow the wizard. At the end of the procedure you will see the subsequent message:

VPN ON A NAS

A NAS (Network Attached Storage) is basically a storage system that has all the key features of a small server. It often has a linux based operating system on it and it usually can be accessible by operating systems of all kind. A NAS can be linked to one or more hard disks. Connecting to the NAS gives many people all over the world the possibility to access the data stored in it. You can implement a VPN on your NAS, using it as a real server.

VPN ON A ROUTER

Many routers support the creation of a VPN, many others donât. On the routers that are not supported, you can flash a new firmware that

drastically improves your routerâs performances

gives you the possibility of creating a VPN on your router

Here is the key question: why should you install a VPN on your router? The answer is that having the VPN installed on your router, gives you the possibility of connecting any devices you want having them fully covered with your VPN with a single account. Said this, there are many custom firmwares that you can flash into your router. The most famous are:

DD-WRT

OpenWrt

TomatoUSB

There are also many routers that come with this custom firmwares pre-installed. Some VPN vendors also sell routers of this genre.

VPN ON A PERSONAL COMPUTER

All the existent operating systems offer the possibility of installing a VPN server software. The con of this option is that your pc may not be always on, so the VPN wouldnât be always accessible. Anyway it is much cheaper than buying a NAS.

VPN ON A RASPBERRY PI

At this point of my article youâve certainly understood that you can install a VPN on every computer-like device…So why donât you try with a Raspberry Pi ? You shouldnât trust a public Wi-Fi when using your credentials on a bank site, instead it would recommendable using a virtual private network residing, for example, on your Raspberry Pi. Setting up a VPN on a Raspberry Pi is a little bit complex, Iâll try to explain the key concepts of the installation procedure in the most user-friendly manner, but for an in-depth tutorial I invite you to read the numerous specific articles youâll find on the web. So the key concepts are:

Raspberry Pi model B.

NOOBS (new out of the box software), an easy OS installer.

Raspbian, the official supported operating system for Raspberry Pi.

Open VPN, the open source software which will give life to your VPN.

Change your Raspberry Piâs default username and password to something strong (this is fundamental to achieve the security you need for your VPN).

Generate keys with Easy_RSA. You do this because you donât want your VPN address to be accessible by anyone. In this way, only the authorized devices can access your VPN.

Build the CA certificate. The CA (certificate authority), is the organization that checks if a website declares a false identity. When you visit your bankâs site and you sign in with your account, the site presents to you a certificate validated by the CA. Only in this way you can be sure youâre visiting exactly your bankâs site and not a phishing site. In this case you are the certificate authority of yourself.

Static IP on the local network. We want our Raspberry Pi to have always the same IP, being always easily accessible. We achieve this, modifying the etc/network/interfaces file on Raspbian.

Portforwarding on your router. We want the routerâs firewall to allow a connection between the external network and the internal one, through the UDP port 1194.

Generate keys for all the client devices. I recommend generating a different one for each device, or youâll not be able to connect with every device at the same time.

CONCLUSIONS

Now that we briefly looked over all the possibilities you have when youâre creating your personal VPN, itâs time to punctuate some important considerations. Setting up a VPN with the methods explained, protects you from showing your activity to your ISP, gives you the possibility of accessing data stored on the server from all over the world and guarantees protection from censorship. For what concerns anonymity, I must warn you, setting up a VPN on a laptop, on a Raspberry Pi, on a NAS, on a router or on any other device located in your home WILL NOT GRANT YOU ANONYMITY. So you may think that the cloud solution is the best one, because it lets you connect to a virtual server pretending to be located in any location you want.

To be sincere, even this option is not really reliable. In fact in order to use Algo or Streisand, you have to create an account with Amazon, Azure on any other provider; during the registration process youâll be asked for a lot of personal informations and many security checks and identification processes will be applied. So even if the server is virtually untraceable, it is related to your personal account. Itâs not that easy to create an anonymous Amazon accountâ¦but itâs still not impossible (if you know how to do it). Donât think to use this kind of VPN to hack or do anything illicit. For this kind of purposes, just for the pleasure of discussing, the paid versions like HMA, NordVPN and so on, are often preferred. Youâll be thinking that there âstill remains the problem of the provider spying on my activityâ…and youâre right, but fortunately Tor comes in help. If you first connect to Tor and then to your VPN provider, the VPN server will only see the Tor ip, not yours.

Concluding, always remember: if you do something stupid enough to anger people with enough resources, thereâs no hope for you to remain anonymous. Anonymity is a fact of not carrying out a stupid action, more than worrying about how to hide that action.

You might also like

9 comments

this is such a retarded idea. running your own VPN as a criminal is the worst possible idea. you have no one to blend in with. yes great advice to use HideMyAss, the VPN that got those anon kids caught. get rid of this author. doesn’t know shit.

The point of own VPN is have no-log proxy that
“protects you from showing your activity to your ISP”
because of encryption. Some countries are very invasive (*cough* China), many countries cross the boundary that reasonably makes people privacy concerned even if they are not doing illegal stuff. It just feels good to step up your privacy.

But even for hiding illegal activity, having a proxy in a country on the other end of the world in undeveloped country makes the traffic analysis pain in the ass since your local ISP and authorities don’t know anything about your traffic because of encryption. You can never be 100% safe, but step up your security through obscurity

I agree with those who note that home-vpn is only modest virtual encryption. We are still hardwired static machines (peekaboo). Chinese government accepts this page’s “modesty”, recommended for young ladies and school children. What seems curious is your account cipher sitting in one place on commercial vpn account, sitting, sitting there some more, and more, and more… obviously watched by more than China. VPN speeds up enforcement reports massively: i just open target page and it gets flagged, no need to shell back on other machine a week later, one day later offensive site down. What baffles me is why ‘vpn’ is so uncreative. Ok, so you vpn your desktop, then how about jump into tor for a ride to hide-my-ass? Btw, half the vpn’s out there won’t touch you if they can’t nail down your geotrace with machine hooks (nix hma). At least with a screened router clouded in google your not-usa vpn service lets tor bounce away each time RU’s bratva will attempt to fix your visiting device handles, as they do for every visitor (their mafia engineers used ‘guided entry’ to setup nsa). If like nord, your usa service recommends their own tor network, move away fast, move very far away very fast and don’t look back. because they too re-key every 3,600s, compare to tor threat response 3ms or less, forget that, nord has you covered? I think Dude who first blessed this post with disrespect forgot about the move away option while creatively applying anything that has some merit. If you buy an Apple Airport router and seek advanced support setup, you will be asked, ‘like vpn or open for sharing?’ Sharing is the Apple default, but not the only use. On your own device, do not icloud anything and you are vpn. Bling! In it’s own way, good and bad, everything works together. Life lived well is love, not rocket science. Be modest, eh.